cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3942,https://securityvulnerability.io/vulnerability/CVE-2024-3942,Unauthorized Access and Data Modification in MasterStudy LMS Plugin for WordPress,"The MasterStudy LMS WordPress Plugin for Online Courses is susceptible to unauthorized access and data manipulation due to a lack of necessary capability checks on various functions. This vulnerability affects all versions up to and including 3.3.8 and enables authenticated users with subscriber-level permissions to read and alter sensitive content, including course material, post titles, and taxonomy settings. This significant security gap highlights the need for vigilance and timely updates to maintain the integrity of educational platforms relying on this plugin.",Wordpress,Masterstudy Lms WordPress Plugin – For Online Courses And Education,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:11.285Z,0
CVE-2024-3136,https://securityvulnerability.io/vulnerability/CVE-2024-3136,Local File Inclusion Vulnerability in MasterStudy LMS Plugin for WordPress,"The MasterStudy LMS plugin for WordPress is susceptible to Local File Inclusion due to a flaw in the 'template' parameter. This vulnerability allows unauthorized attackers to include and execute arbitrary files on the server, potentially leading to the execution of malicious PHP code. Such exploitation can bypass access controls, allow unauthorized access to sensitive information, and could enable the execution of unexpected code through file types that are generally considered safe for upload. All versions up to and including 3.3.3 are affected, highlighting the need for immediate action to secure these installations.",Wordpress,Masterstudy Lms WordPress Plugin – For Online Courses And Education,9.8,CRITICAL,0.0008399999933317304,false,,false,false,false,,false,false,2024-04-09T18:59:08.441Z,0
CVE-2024-1904,https://securityvulnerability.io/vulnerability/CVE-2024-1904,Unauthorized Access to Data Due to Missing Capability Check,"The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts.",Wordpress,Masterstudy Lms WordPress Plugin – For Online Courses And Education,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:58:37.248Z,0
CVE-2024-2411,https://securityvulnerability.io/vulnerability/CVE-2024-2411,Arbitrary File Inclusion Vulnerability in MasterStudy LMS Plugin for WordPress,"The MasterStudy LMS plugin for WordPress, developed by Stylemix Themes, is susceptible to a Local File Inclusion vulnerability that affects all versions up to and including 3.3.0. This issue arises through the 'modal' parameter, permitting unauthenticated attackers to include and execute arbitrary files on the server. The exploit allows for the execution of any PHP code contained within those files, posing a serious risk of bypassing access controls. Consequently, this vulnerability may lead to unauthorized access to sensitive data and potentially facilitate broader code execution attacks, exploiting scenarios where 'safe' file types like images can be uploaded and included.",Wordpress,Masterstudy Lms WordPress Plugin – For Online Courses And Education,9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-29T08:31:30.436Z,0
CVE-2024-2409,https://securityvulnerability.io/vulnerability/CVE-2024-2409,Unauthenticated Privilege Escalation Vulnerability in MasterStudy LMS Plugin,"The MasterStudy LMS plugin for WordPress exhibits a vulnerability that allows unauthenticated attackers to escalate privileges, particularly gaining administrator-level access through the _register_user() function linked with the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This occurs due to inadequate validation checks present in all versions prior to 3.3.2. When the LMS Forms Editor add-on is enabled, this flaw enables malicious actors to exploit the system and register themselves or others with elevated permissions, posing serious security risks to any website utilizing this plugin. Website administrators are urged to update to the latest version and review their security configurations.",Wordpress,Masterstudy Lms WordPress Plugin – For Online Courses And Education,9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-29T08:31:29.816Z,0
CVE-2024-2106,https://securityvulnerability.io/vulnerability/CVE-2024-2106,Information Exposure Vulnerability in MasterStudy LMS WordPress Plugin,"The MasterStudy LMS WordPress Plugin, used for managing online courses and education, is affected by an Information Exposure vulnerability in versions up to and including 3.2.10. This flaw allows unauthenticated attackers to gain access to sensitive information, specifically the usernames and email addresses of all registered users. Such data can be exploited for further malicious activities, leading to potential account compromises and increased security risks for the affected users.",Wordpress,Masterstudy Lms WordPress Plugin – For Online Courses And Education,7.5,HIGH,0.0006000000284984708,false,,false,false,false,,false,false,2024-03-13T15:26:39.888Z,0
CVE-2024-1512,https://securityvulnerability.io/vulnerability/CVE-2024-1512,Unauthenticated SQL Injection Vulnerability in MasterStudy LMS WordPress Plugin,"A vulnerability exists in the MasterStudy LMS WordPress Plugin for Online Courses and Education, which allows for union based SQL Injection via the 'user' parameter in the /lms/stm-lms/order/items REST route. This flaw originates from inadequate escaping of the user-supplied input and fails to sufficiently prepare the SQL query. As a result, unauthenticated attackers can inject malicious SQL queries that append to existing queries, potentially facilitating the extraction of sensitive information from the database.",Wordpress,Masterstudy Lms WordPress Plugin – For Online Courses And Education,9.8,CRITICAL,0.0008399999933317304,false,,false,false,true,true,false,false,2024-02-17T07:36:57.426Z,0
CVE-2023-35093,https://securityvulnerability.io/vulnerability/CVE-2023-35093,WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control,"Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the ""Orders"" of the plugin and get the data related to the order like email, username, and more.",Wordpress,MasterStudy LMS WordPress Plugin – for Online Courses and Education,6.5,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2023-06-22T12:15:00.000Z,0
CVE-2023-35090,https://securityvulnerability.io/vulnerability/CVE-2023-35090,WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Cross Site Scripting (XSS),Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.7 versions.,Wordpress,MasterStudy LMS WordPress Plugin – for Online Courses and Education,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2023-06-22T11:15:00.000Z,0